amphp / mysql

An async MySQL client for PHP, optimizing database interactions with efficient non-blocking capabilities. Perfect for responsive, high-performance applications.

Buffer overflow running in Centos guest. #5

Closed Danack closed 7 years ago

Danack commented 9 years ago

I'm attempting to run example 003_generic_with_yield inside a Vagrant box. The guest OS is CentOS 6.4, the host is OS X.

Using a valid IP address the code appears to cause a buffer overflow. This happens whether I use the IP address of '10.0.2.2' which is the correct one that has MySQL running on it, or '127.0.0.1' which obviously exists, but doesn't have MySQL running on it.

The error isn't shown if I attempt to use an IP address that is unreachable.

[root@rpm examples]# strace /usr/local/bin/php 003_generic_with_yield.php > AmpMySQLOverflow.txt 2>&1
*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fdb95bb7507]
/lib64/libc.so.6(+0x1003f0)[0x7fdb95bb53f0]
/lib64/libc.so.6(+0xff2a7)[0x7fdb95bb42a7]
strace[0x409c1c]
strace[0x40592f]
strace[0x403045]
strace[0x404661]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7fdb95ad3cdd]
strace[0x401fd9]

The full output of the strace is too large to post here; it is on S3: https://s3.amazonaws.com/static.basereality.com/AmpMySQLOverflow.txt

bwoebi commented 9 years ago

Maybe that's an issue from the looping and fixed now? Anyway, with the current version I don't have any such issue.

Neither on Debian nor on OS X.

kelunik commented 7 years ago

Closing this, please open a bug on https://bugs.php.net if the problem is still reproducible.